BugTraq
IE: double slash moves cache from INTERNET zone to MYCOMPUTER zone Nov 05 2003 10:31AM
Liu Die Yu (liudieyuinchina yahoo com cn) (1 replies)
Re: IE: double slash moves cache from INTERNET zone to MYCOMPUTER zone Nov 10 2003 03:35PM
3APA3A (3APA3A SECURITY NNOV RU)
Dear Liu Die Yu,

In my case (XPSP1 + IE6SP1 + all hotfixes) it doesn't work. Probably
it's older bug (same thing was with \\.\Drive:\)

--Wednesday, November 5, 2003, 1:31:53 PM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:

LDY> double slash moves cache from INTERNET zone to MYCOMPUTER zone
LDY> ("that's all" is the end of file if you are in a hurry)

LDY> [tested]
LDY> OS:WinXp
LDY> Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/10/30

LDY> [technical detail]
LDY> copy an EXE file to your cache directory:
LDY> [SysDrive]:\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5\EXE.EXE
LDY> then try to use CODEBASE trick to execute that file (refer to http://continue.to/trie --> "codebase local path"), you'll get an error message.
LDY> however set CODEBASE to:
LDY> [SysDrive]:\\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5\EXE.EXE
LDY> (double slash after [SysDrive])
LDY> EXE.EXE in cache directory will be executed.

LDY> conclusion:
LDY> [SysDrive]:\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5LDY> is treated in INTERNET zone.
LDY> but
LDY> [SysDrive]:\\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5LDY> is treated in MYCOMPUTER zone.

LDY> that's all.

LDY> of course, it's added to "Unpatched IE Bugs" list maintained by me. here: http://continue.to/trie

LDY> [greeting]
LDY> greetings to:
LDY> the Pull, dror, guninski and mkill.

LDY> -----
LDY> all mentioned resources can always be found at UMBRELLA.MX.TC

LDY> [contact]
LDY> UMBRELLA.MX.TC ==> How to contact "Liu Die Yu"

--
~/ZARAZA
Ïîêà âû âî âëàñòè ïðîâèäåíèÿ, âàì íå óäàñòñÿ óìåðåòü ðàíüøå ñðîêà. (Òâåí)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus